From 36e4d0c6f0de5f1ca9192a898816db4ac8d42439 Mon Sep 17 00:00:00 2001
From: cjihrig <cjihrig@gmail.com>
Date: Sat, 10 Nov 2018 15:59:58 -0500
Subject: [PATCH] doc: document NODE_TLS_REJECT_UNAUTHORIZED

This commit documents the NODE_TLS_REJECT_UNAUTHORIZED
environment variable so that the world can know how
potentially dangerous it is.

PR-URL: https://github.com/nodejs/node/pull/24289
Fixes: https://github.com/nodejs/node/issues/24284
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
---
 doc/api/cli.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/api/cli.md b/doc/api/cli.md
index 29f3360dda1d78..c970f4374aac6e 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@@ -665,6 +665,12 @@ Path to the file used to store the persistent REPL history. The default path is
 `~/.node_repl_history`, which is overridden by this variable. Setting the value
 to an empty string (`''` or `' '`) disables persistent REPL history.
 
+### `NODE_TLS_REJECT_UNAUTHORIZED=value`
+
+If `value` equals `'0'`, certificate validation is disabled for TLS connections.
+This makes TLS, and HTTPS by extension, insecure. The use of this environment
+variable is strongly discouraged.
+
 ### `NODE_V8_COVERAGE=dir`
 
 When set, Node.js will begin outputting [V8 JavaScript code coverage][] to the